Wednesday, March 11, 2026

UK Car Refund Phishing Email with subject You Might Qualify for a Car Finance Refund - Find Out in 60 Seconds


For the record, this is a Microsoft Cloud storage phishing email attempt that is recently going around, with subject Votre Cloud est plein. Agissez maintenant ou perdez tout. Contains attachment cloud.pdf, do not open. All pdfs can contain malware.

What to do?  Report them, goto bottom of page. 


From: UK Refund Review <noreply@yuyu2-a554d.firebaseapp.com>

Subject: You Might Qualify for a Car Finance Refund - Find Out in 60 Seconds



“Had a car on finance between 2007 – 2024?
You're invited to check if you're owed money back”

CHECK REFUNDS

✓ A finance agreement from 2007 – 2024.

✓ Invited to check if you're owed money.

✓ We find your previous agreements.

✓ Average of £700* per eligible agreement

\*On 07/10/2025, the FCA, in Consultation Paper (CP25/27), expect eligible consumers to receive an average of £700 per agreement.

Right 2 Redress is a trading name of Reclaim My Money Limited, who is authorised and regulated by the Financial Conduct Authority for Claims Management Activity (FRN: 934965) and registered under the Data Protection Act 2018 (ZB630486). The company is registered in England and Wales (No. 12838621) with its registered office at 85 Gresham Street, London, EC2V 7NQ. We will receive referral fees from third parties for successful claims at no cost to you. Using our service does not guarantee a faster or better outcome. You can also claim for free through your lender, the Financial Ombudsman Service, or the FCA compensation scheme launching in 2026.

CHECK REFUNDS NOW →

PHISHING LINKs;

1. https://www.augenticdsz.com/xxx/xxx/?creative_id=xxx (buttons)
2. https://lh3.googleusercontent.com/d/xxxx (image)


How to tell this is a Phishing email?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the company's website then forget it.
  3. The best way is to 

How to examine Email Message Source?

Now let's look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from source domain, like apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Posted by metadataconsulting (profile) at 7:00 AM 0 comments

Tuesday, March 10, 2026

Filezilla fake site distributes malware


The FileZilla fake site is at https://filezilla-project.live/ and looks nearly identical to proper site. Launches a trojan when you run the first time, by downloading version.dll that does come with original zip.


FileZilla proper site at https://filezilla-project.org/





























Source: https://www.malwarebytes.com/blog/threat-intel/2026/03/a-fake-filezilla-site-hosts-a-malicious-download
Posted by metadataconsulting (profile) at 7:00 AM 0 comments

Friday, March 6, 2026

Microsoft Cloud Phishing Email with subject Votre Cloud est plein. Agissez maintenant ou perdez tout


For the record, this is a Microsoft Cloud storage phishing email attempt that is recently going around, with subject Votre Cloud est plein. Agissez maintenant ou perdez tout. Contains attachment cloud.pdf, do not open. All pdfs can contain malware.

What to do?  Report them, goto bottom of page. 


From: Avertissement Cloud Sync <atamaria.tonil@willingdonclub.com>

Subject: Votre Cloud est plein. Agissez maintenant ou perdez tout


Microsoft

Centre de notifications

Madame, Monsieur,

Nous avons détecté que votre service de stockage en ligne Microsoft nécessite une intervention afin d’éviter la perte permanente de vos contenus numériques.

⚠️ Risque de suppression de vos contenus personnels Votre plan de stockage expire aujourd'hui. Renouvelez-le pour protéger vos données.

Le système de sauvegarde en nuage synchronise automatiquement vos photos, vidéos, fichiers personnels et documents professionnels sur tous les appareils associés à votre profil.

DÉTAILS DU COMPTE Numéro de compte: xxxxxxx Abonnement actif: Stockage en nuage Date d'expiration: AUJOURD'HUI

Sans renouvellement, la synchronisation sera automatiquement désactivée et la récupération des contenus sauvegardés ne sera plus possible.

Activer la capacité supplémentaire

Message automatique : Cette notification est générée par le système. Il n'est pas possible de répondre à cette adresse.



PHISHING LINKs;

1. http://xn--43ioy43ioy43ioy-7va96ffag18c80d.haticeria.co.id/xxx.xxx


How to tell this is a Phishing email?

  1. Check email address in full, if it's not from originating company then it's phishing.
  2. Hover over all links in email, if it's not from the company's website then forget it.
  3. The best way is to 

How to examine Email Message Source?

Now let's look at message source
  1. Outlook.com->Actions->View Message Source. 
  2. Gmail.com->More (down arrow to top right)->Show original.
Check for suspicious links, anything that does not originate from source domain, like apple.com.


Report Phishing Email (not as Spam)

  1. Outlook.com->Junk (at Top)->Phishing Scam
  2. Gmail.com->More (down-arrow to top right)->Report Phishing 

Report Phishing to Google

If you have received this email, take further action by

  1. https://www.google.com/safebrowsing/report_phish/

Report phishing at Microsoft and government agencies

  1. http://www.microsoft.com/security/online-privacy/phishing-faq.aspx

Posted by metadataconsulting (profile) at 7:00 AM 0 comments
Subscribe to: Comments (Atom)